Azure AD

In the default installation of webPDF the users are read from the XML database conf/users.xml. It is also possible to use the users from an AzureAD, i.e. an online Active Directory.

You set the AzureAD via the Admin Portal of the server under the item Server > User source.

Azure AD Registration

To use the Azure AD as a user source, you must register an application on the Azure Portal:

To do this, go to Azure Active Directory > App registrations in Azure AD and create a new application there. Select Supported account types according to your requirements.

If the application was created using Register, note the "Application ID" (clientId) from the Overview page, as this is required for the configuration. It is also important that the option Allow public client flows >Enable the following mobile and desktop flows under Authentication > Advanced settings is set to Yes.

Manual configuration

By adjusting the settings in conf/server.xml the user database can be changed.

caution

If possible, use the server's Admin Portal to modify the user database.

To use the users from an AzureAD, you need to add the "azureAd" entry in "user":

<user roleUserGroup="webPDFUser" roleAdminGroup="webPDFAdmin">
    <azureAd authority="https://login.microsoftonline.com/organizations/"
        clientId="4c0f....-....-....-....-......650a68"
        scope="user.read"/>
</user>

In the "azueAD" entry you have to specify the login URL "authority" of the AzueAD. You also need to configure the "clientId" (ID of the application's registration on the Azure AD portal).

Use the entries "roleAdminGroup" and "roleUserGroup" to define the group names to be assigned to the webPDF groups "user" and "admin". Change the group names to your AD groups:

<user roleAdminGroup="webPDFAdmin" roleUserGroup="webPDFUser">

After all adjustments have been made, the webPDF server must be restarted so that all settings are activated and users are read.